1. Technical Field of the Invention
This invention relates generally to a network architecture for secure data communications and more particularly to a network architecture with security and high availability for data communications between a secure internal network and an unsecure external network.
2. Description of Related Art
A network edge is particularly vulnerable to unauthorized data transfers and intrusions, especially between an internal secure network and a public external network, such as the Internet. Unauthorized data transfers, such as viruses, spyware, and other types of malware, may be introduced from an external network to an internal network during data communications. In addition, unauthorized intruders from an external network may attempt to access confidential information of an internal network.
The most recent security threats to internal networks involve data theft, data leakage, and targeted code written to steal confidential information that can be used for financial gain. For example, credit card information is often targeted for theft. While viruses and phishing may obtain the credit card information of a few thousand cardholders, unauthorized access into a single large database of an internal network provides access to millions of cardholder accounts.
In response to increased threats, the Payment Card Industry Data Security Standard (PCI DSS) was developed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to help facilitate the broad adoption of consistent data security measures in internal networks storing financial data. PCI DSS is a set of comprehensive principles and requirements for enhancing payment account data security with the use of firewall configuration, antivirus software, data encryption and additional security best practices. The PCI Security Standards Council, an independent organization, is responsible for developing and overseeing the standards. The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The core of the PCI DSS is a group of principles and accompanying requirements around which the specific elements of the DSS are organized. The first principle of the PCI DSS is to “Build and Maintain a Secure Network” with the requirement to “Install and maintain a firewall configuration to protect cardholder data.” Therefore, a need exists for a network architecture with high availability and security for data communications between a secure internal network and an unsecure external network that protects the internal network from unauthorized data transfers and intrusions.